mattbrailsford / umbraco-authu

An Umbraco plugin to add an OAuth API endpoint to allow authenticated Members/Users via OAuth
MIT License
71 stars 22 forks

What does SecurityLevel mean in OAuthClient, and how do I use it? #10

Closed biapar closed 7 years ago

biapar commented 7 years ago

What does SecurityLevel mean in OAuthClient, and how do I use it?

mattbrailsford commented 7 years ago

I'm not sure what you mean, can you explain a bit more what you are trying to achieve?

biapar commented 7 years ago

I only wish to ask what SecurityLevel means.

mattbrailsford commented 7 years ago

AuthU doesn't have an OAuthClient class, so I think you may be using some other library and getting confused?

biapar commented 7 years ago

No. The field is in the db table OAuthClient.


mattbrailsford commented 7 years ago

Ahh, sorry, yes. This is to signify if the client is Insecure "0", such as JS, where saving your client secret would be bad, or Secure "1", if your client is compiled and so embedding the client secret is ok. If the client is "secure", then when you make a request using that client app the client secret is validated, making sure requests only come from your client.

biapar commented 7 years ago

Ah ok. So in "secure" mode, I can call the webapi only from that clientID. Is that right?

mattbrailsford commented 7 years ago

That is correct, yes. So say you developed a mobile app, you don't want just anyone using your APIs, so this lets you restrict it to your application only. Whereas for an insecure app, such as a web client, you'd probably have to secure it via the allowed origin header to only accept requests from your domain.
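
The check described in this thread, as an added C# sketch that is not AuthU's own code: a secure client (SecurityLevel 1) must present a matching client secret, an insecure one (0) is matched against its allowed origin. Only `SecurityLevel` and its 0/1 values come from the thread; `ClientRecord`, its other fields, `ClientCheck` and the sample values are assumptions constructed for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical model of one OAuthClient row; only SecurityLevel (0/1) is from the thread.
public enum SecurityLevel { Insecure = 0, Secure = 1 }

public sealed class ClientRecord
{
    public string ClientId = "";
    public string ClientSecret = "";
    public string AllowedOrigin = "";
    public SecurityLevel SecurityLevel;
}

public static class ClientCheck
{
    static byte[] Hash(string s)
    {
        using (var sha = SHA256.Create())
            return sha.ComputeHash(Encoding.UTF8.GetBytes(s ?? ""));
    }

    // Compare equal-length digests without an early exit, so timing reveals nothing.
    static bool SecretsMatch(string presented, string stored)
    {
        byte[] a = Hash(presented), b = Hash(stored);
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static bool IsAllowed(ClientRecord client, string presentedSecret, string origin)
    {
        if (client == null) return false;
        if (client.SecurityLevel == SecurityLevel.Secure)
            return !string.IsNullOrEmpty(presentedSecret)
                && SecretsMatch(presentedSecret, client.ClientSecret);
        // Insecure client: there is no secret to check, so fall back to the Origin
        // header, which browsers set and page scripts cannot override.
        return !string.IsNullOrEmpty(origin)
            && string.Equals(origin, client.AllowedOrigin, StringComparison.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        var mobile = new ClientRecord { ClientId = "mobile-app", ClientSecret = "constructed-secret", SecurityLevel = SecurityLevel.Secure };
        var web = new ClientRecord { ClientId = "web-app", AllowedOrigin = "https://example.com", SecurityLevel = SecurityLevel.Insecure };
        Console.WriteLine(IsAllowed(mobile, "constructed-secret", null));
        Console.WriteLine(IsAllowed(mobile, "wrong-secret", null));
        Console.WriteLine(IsAllowed(web, null, "https://example.com"));
        Console.WriteLine(IsAllowed(web, null, "https://other.example"));
    }
}
```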